Internal vs. External Vulnerability Scanning
Vulnerability scanning is a key component in creating and maintaining a strong security posture at your company. It identifies weaknesses you may not have known about, so that you can remediate them before they are exploited.
Internal Vulnerability Scanning
Internal vulnerability scanning is conducted to identify potential gaps in your systems and take a proactive approach to protecting your network from known vulnerabilities.
These scans also feed patch management by showing what on your network needs to be updated. Findings that commonly surface in internal scans include missing third-party application patches, missing routine operating system patches such as the monthly Windows updates, and named vulnerabilities tied to specific software versions, such as Heartbleed (OpenSSL) or DROWN (servers that still offer SSLv2).
When conducting internal scans, you should also understand the difference between credentialed and uncredentialed scans. A credentialed scan logs in to each host with an account you provide and inspects it from the inside: installed software and versions, patch level, and configuration. It shows what an attacker who has obtained a valid user account, or a malicious insider, could find and exploit.
Uncredentialed scans are just as important to run, because not every attack starts with stolen credentials. An uncredentialed scan sees only what is reachable over the network without an account, which is the view an attacker has after gaining a foothold on the network. Run both: the credentialed scan gives accurate patch-level findings, and the uncredentialed scan shows the exposed attack surface.
Internal scanning should be completed at least monthly, typically after your company's "patch day" when you install all new updates, so that the scan confirms the updates were actually applied and shows what remains.
External Vulnerability Scanning
External vulnerability scanning identifies weaknesses on the Internet-facing IP addresses of your network. These scans identify vulnerabilities and also enumerate open ports and the services listening on them, which together make up the attack surface an outside attacker can reach.
Looking at your network from the outside shows you whether any recently installed servers or services are exposed, and which ports and services an outside attacker could go after.
Typical external findings include services listening on unencrypted ports or protocols (for example Telnet or FTP, which send credentials in cleartext) and servers that still offer deprecated protocol versions such as any version of SSL, or TLS 1.0 or 1.1.
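The following is an added example, not code from the original article: it parses an Nmap XML report from an external scan and flags the two kinds of findings described above, open cleartext or management services and deprecated SSL/TLS versions. The report embedded below is constructed for a hypothetical host (203.0.113.10, a documentation address), and the ssl-enum-ciphers structured output is approximated from the tables Nmap emits (one table keyed by each protocol version offered); the list of risky service names is this example's own assumption, not a scanner's.

```python
"""Flag risky external findings in an Nmap XML (-oX) report.

Added example; the sample report is constructed, not a real scan result.
"""
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed Nmap -oX result for one Internet-facing host.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script ssl-enum-ciphers -oX ext.xml 203.0.113.10">
  <host>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/>
        <script id="ssl-enum-ciphers" output="(omitted)">
          <table key="TLSv1.0"><table key="ciphers"/></table>
          <table key="TLSv1.1"><table key="ciphers"/></table>
          <table key="TLSv1.2"><table key="ciphers"/></table>
        </script>
      </port>
      <port protocol="tcp" portid="3389"><state state="closed"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
</nmaprun>
"""

# Service names as Nmap reports them -> why an external listener is a finding.
# This mapping is an assumption of the example; adjust it to your own policy.
RISKY_SERVICES = {
    "ftp": "credentials and files sent in cleartext",
    "telnet": "credentials sent in cleartext",
    "pop3": "credentials sent in cleartext (use POP3S)",
    "imap": "credentials sent in cleartext (use IMAPS)",
    "ms-wbt-server": "RDP exposed to the Internet",
    "microsoft-ds": "SMB exposed to the Internet",
    "vnc": "VNC exposed to the Internet",
    "ms-sql-s": "database exposed to the Internet",
    "mysql": "database exposed to the Internet",
}

# Protocol versions as ssl-enum-ciphers labels them; all four are deprecated.
DEPRECATED_TLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}


def analyze_nmap_xml(xml_text):
    """Return (host, port, issue) tuples for open ports that need attention."""
    findings = []
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr_el = host.find("address[@addrtype='ipv4']")
        addr = addr_el.get("addr") if addr_el is not None else "?"
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed or filtered ports are not reachable from outside
            portid = int(port.get("portid"))
            service = port.find("service")
            name = service.get("name", "") if service is not None else ""
            if name in RISKY_SERVICES:
                findings.append((addr, portid, f"{name}: {RISKY_SERVICES[name]}"))
            script = port.find("script[@id='ssl-enum-ciphers']")
            if script is not None:
                offered = {t.get("key") for t in script.findall("table")}
                for proto in sorted(offered & DEPRECATED_TLS):
                    findings.append((addr, portid, f"deprecated protocol {proto} offered"))
    return findings


if __name__ == "__main__":
    for host, port, issue in analyze_nmap_xml(SAMPLE_NMAP_XML):
        print(f"{host}:{port}  {issue}")
```

Run against a real report with `nmap -sV --script ssl-enum-ciphers -oX ext.xml <your external range>` from a host outside your network, then pass the file contents to `analyze_nmap_xml`. Note that the script only considers ports Nmap marked open; a port that is filtered by a firewall from the scanning vantage point will not appear, which is the correct outside-in view.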
These scans should also be run monthly, and again whenever a new Internet-facing service is deployed, to identify the threats you face from outside the organization.
What to do After Scanning
After completing scans, whether internal or external, your organization needs to act on the vulnerabilities that were discovered. One way to start is to create a Plan of Action and Milestones (POA&M) document. It lists each vulnerability that was found, who owns its remediation, and when it will be fixed, so that you can track and plan the work.
Some vulnerabilities take precedence over others, so plan your remediation so that the most pressing ones are fixed first: findings that are reachable from the Internet or have a public exploit should be ahead of equally severe findings that are internal only.
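The following is an added example, not from the original article, of turning scan findings into a prioritized POA&M. The scoring rule (scanner CVSS score plus an uplift for Internet-facing exposure and for known exploits) and the remediation deadlines per tier are this example's own assumed policy, not a standard; substitute your organization's values. The findings and the scan date are constructed.

```python
"""Build a prioritized Plan of Action and Milestones from scan findings.

Added example with an assumed scoring policy and assumed SLA tiers.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Finding:
    host: str
    title: str
    cvss: float          # CVSS base score (0.0-10.0) as reported by the scanner
    external: bool       # True if seen on an external scan (Internet-reachable)
    exploited: bool = False  # True if a public exploit or in-the-wild use is known


# Assumed policy: exposure and exploitability raise the priority, capped at 10.
EXTERNAL_UPLIFT = 1.5
EXPLOITED_UPLIFT = 2.0

# Assumed SLA tiers: (minimum score, tier name, days allowed to remediate).
SLA_TIERS = [
    (9.0, "critical", 7),
    (7.0, "high", 30),
    (4.0, "medium", 90),
    (0.0, "low", 180),
]


def priority_score(f):
    """Scanner severity adjusted for exposure and known exploitation."""
    score = f.cvss
    if f.external:
        score += EXTERNAL_UPLIFT
    if f.exploited:
        score += EXPLOITED_UPLIFT
    return min(score, 10.0)


def tier_and_due(score, scan_date):
    """Map a priority score to its SLA tier and remediation due date."""
    for threshold, tier, days in SLA_TIERS:
        if score >= threshold:
            return tier, scan_date + timedelta(days=days)
    raise ValueError(f"score out of range: {score}")


def build_poam(findings, scan_date):
    """Return POA&M rows, most pressing first, each with a due date."""
    rows = []
    for f in sorted(findings, key=priority_score, reverse=True):
        score = priority_score(f)
        tier, due = tier_and_due(score, scan_date)
        rows.append({
            "host": f.host,
            "title": f.title,
            "score": round(score, 1),
            "tier": tier,
            "due": due.isoformat(),
            "status": "open",
        })
    return rows


# Constructed findings from a hypothetical monthly internal + external scan.
SAMPLE_FINDINGS = [
    Finding("203.0.113.10", "Telnet service exposed", 7.5, external=True),
    Finding("10.0.0.5", "Missing Windows cumulative update", 8.8, external=False, exploited=True),
    Finding("10.0.0.7", "Outdated Java runtime", 6.5, external=False),
    Finding("203.0.113.12", "TLS 1.0 enabled on web server", 5.3, external=True),
]
SAMPLE_SCAN_DATE = date(2024, 6, 3)  # constructed


if __name__ == "__main__":
    for row in build_poam(SAMPLE_FINDINGS, SAMPLE_SCAN_DATE):
        print(f"{row['score']:>4} {row['tier']:<8} due {row['due']}  {row['host']}  {row['title']}")
```

The exposure uplift is what moves the externally reachable Telnet service (CVSS 7.5) into the critical tier ahead of an internal-only finding with a higher base score; the exploited flag does the same for the missing Windows update. Keep the POA&M rows under version control or in your ticketing system and update `status` as items are closed, so the next month's scan can be compared against it.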
For more information regarding vulnerability scans, see our page that discusses them in more depth.